Robert JR <roundcube...@alaadin.org> writes:

The problem is /var/mail (owner is the useraccount and the group is mail),
and here comes the problem: Dovecot keeps trying to chown the imap folder
inside the home directory with user:mail account and since
And this is the reason for the error that appears in my log file.

Dovecot is trying to keep the permission of your index caches consistent
with that of your mailbox it indexes.  The INBOX index cache is kept in
your user's mail directory (as per your default settings), although you
can change that location.

The option mail_access_groups=mail solves the problem,
but I read it is not secure.
With my current configuration, users log in with imap to read mail,
can they use any the mail_access_groups=mail
and read other people's mail?

Yes, that's the security problem.

does my configuration
is a shared mailbox
and could be unsecure..

Could not parse your question/comment.

Why did I not have this issue with uw-imapd? And why does Dovecot try to
chown the .imap folder with the mail group?

uw-imapd was not as picky.  The extra consideration for group ownership
is so that shared access to mailbox files, and their associated index
caches, remain consistent.   For example, if you shared a mailbox among
your colleagues in group "staff" and the mailbox has group=staff,perm=g+rw,
then the index caches will inherit those permissions, and members of
group staff can access mailbox and indices alike.

[You later write ...]

Sep 9 11:22:30 dovecot: pop3(r): Error:
fchown(/home/r/.imap/INBOX/dovecot.index.log.newlock, -1, 12(mail))
failed: Operation not permitted (egid=501(r), group based on
/var/mail/r)
I know that chmod 0600 /var/mail will solve the problem
and I will no longer receive the above errors again

You also have to make sure that autocreated INBOXes (i.e. a brand
new account) do not start out with anything other than 0600.
You may have to use dovecot's LDA or twist your LDA's arm to create
mailboxes that way.

I guess you can also avoid these errors by using memory indices, but
you forego the advantages of persistent indices.

But my question is: in case I did not set chmod /var/mail 0600, can I
ignore such errors? Are these errors harmful? If these errors keep coming
and I ignore them, would this cause mbx corruption? Please advise.

No, you can't ignore these errors.  They will break IMAP access to
those mailboxes (as you will find out).

Joseph Tam <jtam.h...@gmail.com>
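
An added example, not part of the original message and not Dovecot code: a spool audit that lists mbox files likely to produce the fchown error quoted above. It assumes, from the log line and the reply, that the trigger is a mailbox with group permission bits set whose group the owning account does not belong to; the function names are hypothetical.

```python
import grp
import os
import pwd
import stat


def groups_of(uid):
    """All gids the account with this uid belongs to (primary + supplementary)."""
    try:
        user = pwd.getpwuid(uid)
    except KeyError:
        return set()  # unknown uid: treat as a member of no group
    gids = {user.pw_gid}
    gids.update(g.gr_gid for g in grp.getgrall() if user.pw_name in g.gr_mem)
    return gids


def audit_spool(spool_dir, groups_of=groups_of):
    """Return [(path, mode, gid)] for mbox files that carry group permission
    bits for a group their owner is not in.

    Assumption (from the thread, not from Dovecot's source): these are the
    mailboxes whose index files Dovecot would try, and fail, to chgrp.
    """
    findings = []
    for entry in sorted(os.scandir(spool_dir), key=lambda e: e.name):
        st = entry.stat(follow_symlinks=False)
        if not stat.S_ISREG(st.st_mode):
            continue  # skip directories, symlinks, lock artefacts
        mode = stat.S_IMODE(st.st_mode)
        if mode & 0o070 and st.st_gid not in groups_of(st.st_uid):
            findings.append((entry.path, oct(mode), st.st_gid))
    return findings


if __name__ == "__main__":
    import sys
    spool = sys.argv[1] if len(sys.argv) > 1 else "/var/mail"
    for path, mode, gid in audit_spool(spool):
        print(f"{path}: mode {mode}, gid {gid}: owner not in group; "
              "chmod 0600 as suggested in the thread")
```

Run it against the spool directory before and after changing how the LDA creates new mailboxes, so that freshly created INBOXes are covered too.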
